AWS CodeBuild unanchored pull-request filter misconfiguration security flaw
Vulnerability
Summary
AWS CodeBuild had an unanchored pull-request filter flaw that let untrusted PRs run privileged builds, creating takeover risk for core AWS GitHub repositories and the AWS Console supply chain.
Related Happenings
AWS Bedrock AgentCore Code Interpreter DNS exfiltration and covert C2 in Sandbox Mode
Technical Analysis
First: 16.03.2026 15:00
Last: 16.03.2026 15:00
Sources 1
About this happening:
Researchers demonstrated **DNS-based exfiltration** and covert **C2** against **AWS Bedrock AgentCore Code Interpreter**, showing cloud AI code execution environments can still le...
AWS CodeBuild ACTOR_ID regex bypass security flaw
Vulnerability
First: 15.01.2026 21:31
Last: 15.01.2026 21:31
Sources 1
About this happening:
**AWS CodeBuild**'s **ACTOR_ID regex filters** were misconfigured, allowing a build-trigger bypass that could expose privileged GitHub tokens and enable repository takeover. The f...
VoidLink analysis reveals Kubernetes/Docker checks and modular anti-analysis behavior
Technical Analysis
First: 14.01.2026 00:12
Last: 14.01.2026 00:12
Sources 1
About this happening:
**VoidLink** is a **Linux C2 framework** built for **cloud and container environments**, with **multi-cloud targeting** across **AWS, Google Cloud Platform, Microsoft Azure, Aliba...
VoidLink modular Linux malware framework for cloud and container operations
Malware Activity
First: 13.01.2026 16:31
Last: 13.01.2026 16:31
Sources 1
About this happening:
Researchers uncovered **VoidLink**, a new **Linux malware framework** that expands **C2**, **persistence**, and **post-exploitation** options against **cloud and container environ...
Latest development: 21.01.2026 14:51
Check Point Research concluded that the VoidLink Linux malware targeting Linux-based cloud servers was largely built by AI, likely under the direction of one person, after reviewing exposed planning documents, AI-generated documentation, and the malware's rapid evolution from concept to a working framework in about four weeks rather than the planned 30 weeks.
AWS US-EAST-1 outage disrupts millions of websites and services
Service Disruption
First: 20.10.2025 11:24
Last: 20.10.2025 11:24
Sources 1
About this happening:
**AWS** suffered a **major service disruption** that took down **millions of websites** and services, affecting users across the **United States** and **Europe**. The outage hit *...
Timeline
- 15.01.2026 17:00 · 2 articles
CodeBreach exposed AWS CodeBuild pull-request filter bypass
Technical Analysis Update
Wiz Research disclosed CodeBreach, a critical AWS CodeBuild misconfiguration in the pull-request trigger path that let untrusted pull requests bypass an unanchored ACTOR_ID regex, run privileged builds, steal GitHub credentials from build memory, and gain control of core AWS GitHub repositories including aws/aws-sdk-js-v3; AWS said it anchored the affected regex filters, revoked exposed credentials, and added the Pull Request Comment Approval build gate.
Sources:
- CodeBuild Flaw Put AWS Console Supply Chain At Risk — www.infosecurity-magazine.com — 15.01.2026 17:00